[arch-devops] Arch Linux ISO Checksums on archlinux.org

Christian Rebischke Chris.Rebischke at archlinux.org
Tue Feb 23 15:13:36 UTC 2016

On Mon, Feb 22, 2016 at 04:55:17PM +0100, Levente Polyak wrote:
> On February 22, 2016 4:22:40 PM GMT+01:00, Christian Rebischke <Chris.Rebischke at archlinux.org> wrote:
> >Maybe we should also sign the ISO with a GPG-Key.
> >
> >I don't mean that we should remove the MD5 checksum but we should add
> >some
> >other checksum and sign the ISO. 
> >
> The ISO is actually signed, above the mentioned checksums [0] you can find the signature file [1]. 
> Cheers, 
> Levente
> [0] https://www.archlinux.org/download/
> [1] https://www.archlinux.org/iso/2016.02.01/archlinux-2016.02.01-dual.iso.sig

Sorry guys, there I was too fast and inattentive.
But, however, what do you think about adding a stronger checksum to it?
I know that a GPG-signatures + MD5 or SHA1 would be enough but I know enough
people who just check the checksum and don't care about signatures.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-devops/attachments/20160223/1d9738fb/attachment.asc>

More information about the arch-devops mailing list